Merge pull request #617 from QKaiser/fix-pfs-path-traversal

fix path traversal in PFS extractor script

Merge pull request #617 from QKaiser/fix-pfs-path-traversal
fix path traversal in PFS extractor script
cddfede7 · devttys0 · GitHub · a555eb1f · 696fe34e · cddfede7
Unverified Commit cddfede7 authored Feb 01, 2023 by devttys0 Committed by GitHub Feb 01, 2023
Hide whitespace changes
Inline Side-by-side

Showing with 1 additions and 1 deletions

unpfs.py src/binwalk/plugins/unpfs.py +1 -1

No files found.
--- a/src/binwalk/plugins/unpfs.py
+++ b/src/binwalk/plugins/unpfs.py
@@ -104,7 +104,7 @@ class PFSExtractor(binwalk.core.plugin.Plugin):
                data = binwalk.core.common.BlockFile(fname, 'rb')
                data.seek(fs.get_end_of_meta_data())
                for entry in fs.entries():
-                    outfile_path = os.path.join(out_dir, entry.fname)
+                    outfile_path = os.path.abspath(os.path.join(out_dir, entry.fname))
                    if not outfile_path.startswith(out_dir):
                        binwalk.core.common.warning("Unpfs extractor detected directory traversal attempt for file: '%s'. Refusing to extract." % outfile_path)
                    else: